Target urged to continue response to security breach

Nearly one month after he learned that hackers had stolen payment card and personal information of tens of millions of Target customers as they shopped, CEO Gregg Steinhafel placed full-page ads in newspapers across the United States to apologize.

In a lengthy television interview on CNBC, Steinhafel said his heart sunk when he heard the news. He said Target accepts responsibility for the data theft, which occurred from late November to mid-December, and would do everything possible to protect consumers from fraud.

"I can't state enough how sorry I am that that happened," he said. "But this team is all in to make it right. We are not going to sleep until we get it right and we've regained the trust of our guest. And we're going to make it right with every guest that brings anything to our attention, whether it's today or in the future."

Retail analysts and public relations experts say Steinhafel handled the appearance well. But some said the timing of the corporate mea culpa — weeks after customer information became compromised — left much to be desired.

"Pretty much everything I heard him say are things he probably would have been able to say on day one, two or three," communications and crisis management consultant Jon Austin said. "So the question is why did it take so long to start saying them now?"

Austin, a former Northwest Airlines spokesman, said Target could have headed off some grief and earned credibility with consumers if Steinhafel had gone public earlier.

There's not much harm in offering such reassurances promptly, for they can go a long way toward gaining the confidence of people, said Austin, who added that Target shouldn't stop now.

"Continue this trend," he said. "One interview is great. But let's do a few more."

Steinhafel said the company always planned to disclose the breach on the fourth day. But he said he and other Target officials waited to be sure the breach had been fixed, the company had a good handle on what happened and Target would be ready to handle a flood of customer inquiries. But a blogger caught wind of the data theft and revealed it on Dec. 18, a day before Target did.

Retail consultant Carol Spieckerman said Target likely was waiting until it had the perfect story.
"You don't have to have the full story always to release what you do know," she said. "Now, I think the only getting ahead they could do would be to report on incremental changes or incremental news hopefully before the media does."

The Target CEO's account of what occurred received a more sympathetic response from veteran crisis management expert James Lukaszewski.

"In crisis situation, the first comment is always, 'They could have reported things earlier.' And my response to that is, 'Duh. Yeah, they could have but it would have been wrong,'" Lukaszewski said. "Look at what happened to the media in reporting things from Newtown and from the Boston explosion. This urgency of getting information out that is incorrect is a problem."

Target's stock closed down about two percent today. But that was better than the shares of two other big local retailers, Best Buy and Supervalu. The major indexes were all down about one percent.

Steinhafel confirmed hackers infected the retailer's sales terminals with malware and grabbed about 40 million payment card numbers, along with names, phone numbers and email and mailing addresses of 70 million customers. There's some cross-over between the two groups but it's unclear how much.

He pledged to get to the bottom of the theft and again made assurances customers won't lose a penny. He also reiterated the company will give customers free credit monitoring and identity theft protection.

"We're all about the trust in the relationship," he said. "This is what we built the franchise on."

Target isn't offering a forecast yet about what the data breach could end up costing. But industry analysts figure it could be several hundred million dollars, counting everything from fraudulent charges and reissued cards to fines and lawsuits.

Analysts say the data breach will blow over and Target will face more serious challenges to its performance, including its poor showing so far in Canada and tight-fisted American consumers still too worried about the economy to spend freely.